From f978278995d02a58e311fe017bdbb2c3702dd3bc Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Mon, 17 Apr 2017 10:44:00 -0700 Subject: Fix the double free in verify_package_compatibility(). """ void* cookie; std::unique_ptr guard(cookie, EndIteration); ... EndIteration(cookie); """ The above pattern is buggy that frees 'cookie' twice. Bug: 37413730 Test: Build new recovery and adb sideload a previously crashed package that contains 'compatibility.zip'. Change-Id: I183c33827fb28a438ebaedda446e84cabe7cb92d --- install.cpp | 1 - 1 file changed, 1 deletion(-) diff --git a/install.cpp b/install.cpp index b4b869b98..6dcd3565e 100644 --- a/install.cpp +++ b/install.cpp @@ -544,7 +544,6 @@ bool verify_package_compatibility(ZipArchiveHandle package_zip) { } compatibility_info.emplace_back(std::move(content)); } - EndIteration(cookie); CloseArchive(zip_handle); // TODO(b/36814503): Enable the actual verification when VintfObject::CheckCompatibility() lands. -- cgit v1.2.3